
IIT Bombay and IIT Kharagpur Hacked By An Indian Hacker Cryptolulz666

 

 

The Indian Institute of Technology (IIT) is the top-rated higher education institution in India and one of the world's top 200 colleges. The branches of IIT are located in 23 different states and cities of India. Students all over India dream of gaining admission to IIT and work hard to do so. But an Indian hacker is doing something different to be accepted by IIT Bombay. Recently, the databases of IIT Bombay and IIT Kharagpur were hacked by “Cryptolulz”, who is available on Twitter as @Cryptolulz666. After breaching the databases of both IIT branches, he leaked them on Pastebin. Initially, he hacked IIT Bombay and leaked 54 tables of the database on Pastebin. After a few hours, he did the same with IIT Kharagpur.

About The Hacker

The Cryptolulz hacker contacted the CISO of Bit4Id (Pierluigi Paganini) and said that he is an Indian guy who is very passionate about cyber security. He also added that this attack is very important for him because he has always dreamed of being a part of one of the world’s top 200 colleges. He said that he has spent all his life trying to be accepted by IIT Bombay. According to a blog post by Pierluigi, the hacker told him that he is very young but is capable of hacking into the databases of the world’s top institutes.

Type of Attack?

The hacker told Pierluigi Paganini that he performed a “Blind SQL Injection Attack” to breach both databases. Evidently, there was a security vulnerability that allowed him to perform this type of critical cyber-attack. He further added that the IIT Bombay site is also vulnerable to a special type of Cross Site Scripting (XSS) attack. The hacker said that he has informed the administrators about the hack but didn’t get any response from them.

Leaked Information

In his Pastebin post, the hacker mentions that there were around 12000 records in the database but he only dumped a quarter of them because the rest of the database contains legal stuff. The leaked information contains database table names, user IDs, user passwords, departments, user types, dates of joining and email IDs. It is not yet clear whether the leaked data belongs to students or staff. This information is in the database dump that the hacker leaked on Pastebin. Maybe he has access to the whole database and leaked a small piece of it on Pastebin as proof.

Reason Behind This Attack?

We all know “Kapustkiy”, the hacker who hacks government websites to make web admins aware of the need for cyber security. This hacker is following the same principles. The “Cryptolulz” hacker said that the reason behind this hack was to make the web admins of one of the world’s top 200 colleges aware of the importance of cyber-security. The hacker's main reason behind this hack is to be a part of IIT Bombay.

Source: securityaffairs.co, PasteBin

 
